In recent years, jurisdictions have become increasingly focused on regulating the use of crypto in financial crimes. With the UK updating its sanctions regulatory framework, the U.S. releasing its updated sanctions guidance focusing on the crypto industry, and jurisdictions increasing coordinated sanctions enforcement activities, it is clear that countries around the globe are using sanctions as a tool to combat the use of crypto in financial crimes.

Crypto businesses are often subjected to overlapping sanctions regimes. Since these sanctions hold robust compliance requirements on one hand and huge penalties on the other, crypto businesses should have an understanding of what sanctions are and what are some of their core compliance principles.

1] What are sanctions and what are the different types?

Sanctions are political or economic measures put in place by international, regional, and state bodies with the aim of influencing the behavior of a particular country’s regimes, individuals, or groups to achieve foreign policy and security goals. The types of sanction measures put in place can vary widely such as economic, diplomatic, and military sanctions.

Economic Sanctions are commercial and financial penalties that are issued to harm the economic interest of the sanctioned entity. Economic sanctions usually take the form of restrictions on imports or exports, or on financial transactions. To implement diplomatic sanctions, jurisdictions use diplomatic and political means to express disapproval or displeasure at a certain activity. Military sanctions are only imposed during extraordinary circumstances. Military sanctions can range from carefully targeted military strikes to the less aggressive form of an arms embargo. United Nations Security Council (UNSC) also places sanctions on political leaders or economic individuals.

2] What are the relevant regulatory bodies that administer or enforce sanctions?

While there are a number of organizations around the world that monitor for and apply sanctions — such as the United Nations and the World Bank— there are three major jurisdictions leading economic sanctions in the world: the United States, the United Kingdom, and Israel.

In the U.S. OFAC within the Department of the Treasury issues sanctions in conjunction with the state department and other U.S. agencies. Whereas in the UK, multiple agencies at the federal level are responsible for issuing sanctions. In the UK, financial sanctions are designed in the Foreign, Commonwealth & Development Office (FCDO) and implemented by HM Treasury’s Office of Financial Sanctions Implementation (OFSI), while sanctions related to export controls and arms embargoes are administered by the UK Department of Business Innovation and Skills (BIS).

In Israel, both direct and indirect economic sanctions are issued by Israel Sanctions Bureau (ISB) issues. Additionally, the National Bureau of Counter Terror Financing (NBCTF) at the Ministry of Defence also administers sanctions pursuant to Israel’s counterterrorism law.

3] Who is the target of sanctions?

Depending on the jurisdiction, sanctions can be focused on a variety of different targets in an attempt to influence the activities of a particular state, regime, or group of individuals. For instance, the U.S. sanctions regime encompasses three broad types of sanctions — list-based blocking sanctions, targeted sanctions, and region-dependent sanctions.

As a part of its enforcement efforts in the U.S., OFAC maintains the list of Specially Designated Individuals (the SDN list). This list includes individuals and entities owned, controlled, or acting for targeted countries or individuals or entities linked to terrorism or drug trafficking. Over the years, the OFAC has added several crypto wallet addresses and privacy coins to its SDN List. Through targeted sanctions, OFAC prohibits transactions related to goods, technologies, and services with specific sanctioned entities or individuals, or certain industries or sectors of a country’s economy. Comprehensive sanctions prohibit nearly all exports and other business transactions without government authorization. There are five major country-based sanctions programs currently in effect — Iran, the Central African Republic, Syria, Cuba, and North Korea.

UK’s OFSI maintains a consolidated list of financial sanctions targets. This list contains all entities and individuals that have been designated by the UN and/or the UK under specific financial sanctions legislation. The OFSI also maintains a list of entities subject to restrictive measures in view of Russia’s actions destabilizing the situation in Ukraine.

Israel has placed a total and rigorous ban on conducting business activity directly or indirectly with enemy countries, its citizens, and anyone on its behalf.  Iran, Lebanon, and Syria are categorized as enemy countries under the Trading with the Enemy Ordinance 1939. Other than jurisdiction-specific sanctions, Israel also issues sanctions against entities designated as terrorist organizations by the Minister of Defence under the Counterrorism Law, 2016. On July 7, 2021, ISB and NBCTF ordered the seizure of 84 crypto asset wallets that they believed to be linked with Hamas.

Who must comply with sanctions?

In most jurisdictions, individuals and legal entities who are within a jurisdiction or undertake activities within a jurisdiction have to comply with the sanctions. Within the U.S., all U.S. persons have to comply with OFAC regulations, including all U.S. citizens and permanent resident aliens regardless of where they are located, persons and entities within the U.S. and the U.S. incorporated entities and their foreign branches. Additionally, some programs such as the U.S. sanctions with respect to Cuba apply not only to U.S. persons but also to non-U.S. entities owned or otherwise controlled by U.S. persons. Certain programs also require foreign persons in possession of U.S.-origin goods to comply.

Similar to the U.S., sanctions imposed by the UK apply to all UK persons, entities, and individuals located within the UK and entities incorporated in the UK, including foreign branches and offices. Unlike the U.S., sanctions in the UK may potentially apply to foreign subsidiaries if the UK parent maintains substantial control or oversight over subsidiaries.

Generally, Israeli sanction frameworks are subject to ordinary territorial jurisdiction prescribed under the Israeli law. However, the financing of entities designated as terrorist organizations pursuant to the Counter-Terrorism Law of 2016 will have an extraterritorial application — sanctions will apply irrespective of whether activities took place within or outside the territory of Israel.

5] Implementation and Enforcement of Sanctions 

Every jurisdiction has its own sanction implementation and enforcement scheme. However, there are some commonalities between jurisdictions. For example, both the UK and the U.S have provisions for freezing assets of designated individuals and entities.

In the U.S., funds or other assets of persons listed on the SDN List and of entities who fall under the 50% rule are frozen. Under OFAC’s rule, despite not being on the SDN list, entities that are 50% or more owned directly or indirectly by one or more of the SDNs are considered blocked. In the UK, entities that are designated under FSI’s consolidated list are subject to an asset freeze. Unlike the U.S. and the U.K., the sanctions framework of Israel does not allow for the implementation of asset freezes. However, asset freezes can become permissible when the entity against whom the sanction is imposed is considered to be a terrorist organization.

Further, the UK, Israel, and the U.S. all implement criminal penalties for willful violation of sanction laws. Additionally, the U.S. also has a strict liability regime. While the fact of a violation — without proof of fault or intent —results in civil liability, OFAC does take fault and intent into consideration when deciding on the penalty to be imposed. 

6] Sanctions in the age of cryptocurrency

The crypto industry has experienced extraordinary growth over the years. Though the regulators accept that most of the activity related to crypto is licit, they are also worried about the increased use of crypto in facilitating illicit transactions such as ransomware payments. Further, the use of cryptocurrency, especially decentralized stablecoins, to evade sanctions has been a cause of concern for the regulators.

To combat the use of crypto in financial crimes, the jurisdictions are taking an array of measures, including sanctions. On April 26, 2021, the UK government brought into force a new sanctions regime by enacting Global Anti Corruption Sanctions Regulation 2021, designed to target individuals involved in serious corruption and prevent them from entering the UK or using the UK financial system. 

On Oct 15, 2021, the OFAC published tailored guidance for the cryptocurrency industry that highlights sanctions compliance requirements and provides industry-specific advice regarding OFAC’s compliance expectations.

Jurisdictions have also been taking coordinated enforcement actions. For example, both the U.S. and Israel designated entities possessing Hamas-linked wallets. Further, the Estonian Financial Intelligence Unit also worked closely with the U.S. to identify the activities of entities providing material support to the Chatex crypto exchange that facilitated ransomware payments.

How Can Merkle Science Help?

Jurisdictions around the world are proactively working towards strengthening their sanctions regime and are putting in place checks to curb the use of crypto in sanction evasions. Merkle Science provides sanction screenings for wallet addresses that are tagged and constantly updated against sanctioned entities. Methods such as clustering also help identify addresses that have a high probability of being associated with said sanctioned entities. Further, Merkle Science’s highly customizable platform and proprietary Behavioral Rule Engine allows compliance officers to institutions to detect illicit activity beyond the blacklists so that FIs may catch undetected suspicious activity that legacy providers might miss and better meet AML and KYC obligations as per guidance from jurisdictions around the world.